Kate's Clothing LTD and GDPR
Kate's Clothing Ltd operates the following web stores;
What is GDPR
The General Data Protection Regulation (GDPR) is a consistent set of data protection rules and guidelines that are being implemented across Europe, starting 25th May 2018. This affects all businesses that hold, control, or use anyone's personal or sensitive data. The aim is to create a higher standard of data protection specific to the internet-centric world we now live in.
GDPR builds on our existing Data Protection Act, but the General Data Protection Regulation has a wider scope and gives more prescriptive standards. Businesses that do not comply with the new GDPR standards face substantial fines.
The new GDPR update focuses on individual data rights, and highlights areas such as 'consent', 'data necessity', and 'the right to be forgotten'. More on all of this and how Kate's Clothing plan to comply with GDPR below!
Under GDPR, there are a number of reasons that legitimise the processing of an individual's personal data. Here, we have outlined the most relevant legal basis for our interactions with your data under the GDPR.
Data processing is necessary for the service to be carried out.
Order completion on our website requires freely given, specific, informed consent in a clear affirmative action. Customers are asked to read the 'What we use your data for' section and to give consent by checking a box when ordering. Customers have the right to withdraw their consent, and simply need to contact us by phone or email to do so.
To legally give consent in the UK you must be over the age of 13, so you will be asked at checkout to confirm this, or to provide a parent or guardian to give consent on your behalf.
Please note that when you tick our consent box you are only consenting to us using your data to process your order and deal with any returns or order issues you might have. Our newsletter and social pages require a separate opt in, so you will never be added to a mailing list you didn't agree to, or contacted about anything other than your order or your Kate's Clothing account.
A record of your consent is kept electronically on your order when you tick the box online. If you order over the phone our staff will ask you for your consent before we process your order, and they will tick the box on the order form for you.
We will need to process your data to complete your order, every time you order. This means you will need to give your consent for each individual order to ensure that you are consenting to our most up-to-date GDPR policy. The consent you give will be relevant to the GDPR policy displayed on our website on the date you ordered.
What We Use Your Data For
At Kate's Clothing we only hold the data necessary to complete and ship customers' orders, as well as to action any returns or exchanges the customer may want. This data includes the following:
Name – used to address the order to the recipient, and used in communications with the customer.
Email Address – to send confirmation of the order and notification of shipping. We also use these to contact the customer with any issues regarding their order.
Phone Number – used in case of issues with their order or delivery.
Billing Address – for verifying payments.
Shipping Address – for sending the order to the customer.
Order Items – to ensure the customer received the desired items.
Order Cost – to process payment for the order.
Payment Method – to process payment for the order.
Either the last 4 digits of the card or the Paypal transaction ID – to confirm payment method in the event of a query or refund.
This data is given to us, with consent, by our customers in order for us to process and ship the orders they place with us. The data is then shared with a select handful of necessary service providers, listed here:
Royal Mail – Our main shipping provider
Parcel Force – Our national courier provider
UPS – Our international courier provider
Paypal – Our payment processor
Bofix – Our accountants
Should you require any further information on any of our service providers please feel free to contact us via email or phone.
You can always access the information we have stored for you by logging in to your Kate's Clothing account, or again contacting us by email or phone.
Your Data, Your Rights
Thanks to the General Data Protection Regulation your rights when it comes to your data are very clear. We've outlined some of your data rights here, alongside notes on how this right is relevant when using our website.
You have the right to information about what personal data we process, how and on what basis as set out in this policy.
You have the right to access your own personal data by way of a subject access request (see below).
You can correct any inaccuracies in your personal data. To do so you should contact a member of the customer service team.
You have the right to request that we erase your personal data where we were not entitled under the law to process it or it is no longer necessary to process it for the purpose it was collected. To do so you should contact a member of the customer service team.
While you are requesting that your personal data is corrected or erased, or are contesting the lawfulness of our processing, you can apply for its use to be restricted while the application is made. To do so you should contact a member of the customer service team.
You have the right to object to data processing where we are relying on a legitimate interest to do so and you think that your rights and interests outweigh our own and you wish us to stop.
You have the right to object if we process your personal data for the purposes of direct marketing.
You have the right to receive a copy of your personal data and to transfer your personal data to another data controller. We will not charge for this and will in most cases aim to do this within one month.
With some exceptions, you have the right not to be subjected to automated decision-making.
You have the right to be notified of a data security breach concerning your personal data.
In most situations we will not rely on your consent as a lawful ground to process your data. If we do however request your consent to the processing of your personal data for a specific purpose, you have the right not to consent or to withdraw your consent later. To withdraw your consent, you should contact a member of the customer service team.
You have the right to complain to the Information Commissioner. You can do this by contacting the Information Commissioner’s Office directly. Full contact details including a helpline number can be found on the Information Commissioner’s Office website (www.ico.org.uk). This website has further information on your rights and our obligations.
Subject access requests
You can make a ‘subject access request’ (‘SAR’) to find out the information we hold about you. This request must be made in writing to our customer service team.
We must respond within one month unless the request is complex or numerous, in which case the period in which we must respond can be extended by a further two months.
There is no fee for making a SAR. However, if your request is manifestly unfounded or excessive we may charge a reasonable administrative fee or refuse to respond to your request.
Data is collected for each individual order so the data we process is always accurate and up to date. We annually audit and cleanse our newsletter and marketing data to ensure the quality of the data set is kept high. You can update your own data in your account or contact us to update your data for you.
Retention And Disposal
We retain order data as long as necessary for Tax and VAT purposes, which is a minimum of 7 years and a maximum of 10, after which the data is permanently deleted from our system in our annual data cleanse. During this data cleanse we also remove inactive subscribers from our newsletter list to keep the data set high quality.
Our accountants also have their own GDPR policy that deals with disposal of old data; this information is available on request.
Should you wish to be 'forgotten' from our system we can manually redact the relevant data from your orders and delete your account from our system. We can also contact any of our 3rd party suppliers that may have your data and ask them to do the same. You have the right to delete your own accounts and unsubscribe from any communications manually; however, to ensure you are completely gone from all records you should contact us by phone or email expressing your particular concerns.
You can easily copy and move your order data with our easy PDF download option. This feature allows you to download a PDF version of all the data we hold for you on each of your orders. You must log in to your account where your data is stored and view your order history. There you will find a list of your order data, and you can choose simply to view it or to download a copy for your own records.
This page aims to include all the information you might find relevant for our GDPR compliance and should be viewed as an extension to our current privacy and security policies; however, our Full GDPR compliance policy is available on request. Feel free to get in touch with a member of our customer service team for more info!